SUBJECT: NATIONAL INFRASTRUCTURE PROTECTION CENTER INFORMATION SYSTEM
ADVISORY (NIPC ADVISORY 00-038); SELF-PROPAGATING 911 SCRIPT
1. A RECENT AND BREAKING FBI CASE HAS REVEALED THE CREATION AND
DISSEMINATION OF A SELF-PROPAGATING SCRIPT THAT CAN ERASE HARD DRIVES
AND DIAL-UP 911 EMERGENCY SYSTEMS. WHILE INVESTIGATION AND TECHNICAL
ANALYSIS CONTINUE, THE SCRIPT APPEARS TO INCLUDE THE FOLLOWING
CHARACTERISTICS:
A. ACTIVELY SEARCH THE INTERNET FOR COMPUTER SYSTEMS SET UP FOR FILE
AND PRINT SHARING AND COPY ITSELF ON TO THESE SYSTEMS.
B. OVERWRITE VICTIM HARD DRIVES.
C. CAUSE VICTIM SYSTEMS TO DIAL 911 (POSSIBLY CAUSING EMERGENCY
AUTHORITIES TO CHECK OUT SUBSTANTIAL NUMBERS OF "FALSE POSITIVE"
CALLS).
2. TO THIS POINT CASE INFORMATION AND KNOWN VICTIMS SUGGEST A
RELATIVELY LIMITED DISSEMINATION OF THIS SCRIPT IN THE HOUSTON, TEXAS
AREA, THROUGH SOURCE COMPUTERS THAT SCANNED SEVERAL THOUSAND COMPUTERS
THROUGH FOUR INTERNET SERVICE PROVIDERS (AMERICA ON-LINE, AT&T, MCI,
AND NETZERO). DISSEMINATED SCRIPT MAY BE PLACED IN HIDDEN DIRECTORIES
NAMED CHODE, FORESKIN OR DICKHAIR. FURTHER SCRIPT ANALYSIS BY THE
FBI/NIPC CONTINUES.
3. FBI/NIPC REQUESTS RECIPIENTS IMMEDIATELY REPORT INFORMATION
RELATING TO USE OF THIS SCRIPT TO THE LOCAL FBI OR FBI/NIPC WATCH AT
202-323-3204/3205/3206. AS MORE TECHNICAL OR OPERATIONAL INFORMATION
ABOUT THIS SCRIPT DEVELOPS, NIPC WILL DISSEMINATE THIS INFORMATION
THROUGH THE CARNEGIE MELLON CERT, ANTIVIRUS VENDORS OR ITS OWN WEB
SITE (www.nipc.gov), AS APPROPRIATE.
_________________________________________________________________
[ [1]Back to Advisories, Alerts and Warnings ]
References
1. http://www.fbi.gov/nipc/nipcaaw.htm